It Audit Test

01. Involvement of senior management is MOST important in the development of:

A. Strategic plans.

B. Info Security policies.

C. Info Security procedures.

D. Standards.

02. A probable advantage to an organization that has outsourced its data processing services is that:

A. Needed IS expertise can be obtained from the outside.

B. Greater control can be exercised over processing.

C. Processing priorities can be established and enforced internally.

D. Greater user involvement is required to communicate user needs.

03. The general ledger [гроссбух - главная бухгалтерская книга] setup function in an Enterprise Resource Planning System (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the:

A. Need to change accounting periods on a regular basis.

B. Requirement to post entries for a closed accounting period.

C. Lack of policies and procedures for the proper segregation of duties.

D. Need to create/modify the chart of accounts and its allocations.

04. In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:

A. There is an integration of IS and business staffs within projects.

B. There is a clear definition of the IS mission and vision.

C. There is a strategic information technology planning methodology in place.

D. The plan correlates business objectives to IS goals and objectives.

05. Implementation of access control FIRST requires:

A. A classification of IS resources.

B. The labeling of IS resources.

C. The creation of an access control list.

D. An inventory of IS resources.

06. IT control objectives are useful to IS auditors, as they provide the basis for understanding the

A. Desired result or purpose of implementing specific control procedures.

B. Best IT security control practices relevant to a specific entity.

C. Techniques for securing information....